QRadar Application Example with AQL via REST API Part 1

preview_player
Показать описание
The QRadar RESTfull API and AQL are powerful. Here is an example on how to bring that power to those SOC operator who need quick interfaces without having to learn AQL or write any program.
  1. Jose Bravo
  2. Arcsight
  3. nitro
  4. splunk
  5. envision
  6. logrithm
Рекомендации по теме
QRadar Application Example 0:05:35

QRadar Application Example with AQL via REST API Part 1

QRadar Application Example 0:10:26

QRadar Application Example with AQL via REST API Part 2

AQL Basics in 0:16:21

AQL Basics in 15 minutes

QRadar: AQL Tutorial 0:07:11

QRadar: AQL Tutorial Part 2. Very useful AQL functions:

Don't want to 0:05:57

Don't want to learn AQL, just yet? AQL Translator.

IBM QRadar AQL 0:14:59

IBM QRadar AQL for IR - Part 2

develop an app 0:16:10

develop an app with Qradar App Editor

QRadar AQL Custom 0:02:56

QRadar AQL Custom Properties

QRadar AQL Tutorial 0:05:01

QRadar AQL Tutorial Part 3. Leveraging the X-Force calls:

QRadar ReferenceSets - 0:05:17

QRadar ReferenceSets - Web Console

QRadar AQL Tutorial 0:07:49

QRadar AQL Tutorial Part 4. Investigating APTs using AQL

Mapping Flows to 0:10:28

Mapping Flows to Applications in QRadar, Part 1

Qradar new look 0:07:47

Qradar new look and feel dashboards

AQL Series Payload, 0:06:42

AQL Series Payload, Indexed and Regex Searches

New AQL Series- 0:09:43

New AQL Series- Quick Filter and UI Searches

IBM QRadar | 0:01:14

IBM QRadar | API Using - OffenseSummarizer

QRadar End Point 0:04:00

QRadar End Point Packages

QRadar CE -Advanced 0:04:01

QRadar CE -Advanced Searches

Qradar Forensics All 0:05:52

Qradar Forensics All kinds of traffic

QRadar Searches in 0:06:13

QRadar Searches in Six Minutes

QRadar AQL Tutorial 0:03:59

QRadar AQL Tutorial Part 5. Nested IF/ELSE and CASE statements

QRadar Search Tutorial 0:10:46

QRadar Search Tutorial

QRadar: AQL Tutorial 0:09:40

QRadar: AQL Tutorial Part 1. Documentation and basic syntax.

QRadar QDI 0:03:35

QRadar QDI

Комментарии
Автор

Hi Josh, I want help from you. I want to make a report of system health using AQL in which columns are elements, hostname, metricID (DiskSpaceUsed) and ('DiskSpaceTotal).
Following is the Query, I have an issue in that query it return actual data but return 2 rows of same columns, group by not working, kindly help me please

SELECT "Hostname", element AS Partiton_Name, MAX(value/(1024*1024*1024)) AS 'DiskUsedInGB', max(value/(1024*1024*1024)) AS 'DiskTotalSpace'
FROM events
WHERE LOGSOURCENAME(logsourceid)
ILIKE '%%health%%' AND "Metric ID"='DiskSpaceUsed' OR "Metric ID"='DiskSpaceTotal' GROUP BY element, "Metric ID"
LAST 2 MINUTES

Let me know if have any question
Thanks

umerahmed
join shbcf.ru